Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Subversion < 1.6.21 / 1.7.x < 1.7.9 DoS

Medium

Synopsis

The remote host is running a version of Apache Subversion's 'mod_dav_svn' HTTPD server module that is vulnerable to denial of service (DoS) attack.

Description

Versions of Apache Subversion prior to 1.6.21, or 1.7.x prior to 1.7.9 are affected by a flaw in the 'mod_dav_svn' module that may allow a remote denial of service. The issue is triggered when the program does not properly handle the MOVE, COPY, or DELETE HTTP requests. With a specially crafted SVN commit request, a remote attacker can cause the program to crash.

Solution

Upgrade to Apache Subversion 1.7.9 or later. If 1.7.x cannot be obtained, 1.6.21 is also patched for this vulnerability.